‘Serious vulnerabilities’ on the Internet of Things

Seven out of ten of the most commonly used Internet of Things (IoT) devices have "serious vulnerabilities", according to tech company Hewlett-Packard (HP).

Tests revealed 250 flaws across the devices, including privacy concerns in eight cases, weak password policies in the same number, and a lack of transport encryption in seven cases.

Daniel Miessler, practice principal at HP, said: "The current state of Internet of Things security seems to take all the vulnerabilities from existing spaces – network security, application security, mobile security and Internet-connected devices – and combine them into a new, even more insecure space, which is troubling."

Six of the devices had user interfaces that concerned the company, and the same number had troubling software or firmware, including unencrypted updating protocols.

"IoT security is not just a consumer problem," Miessler added.

"Corporations need to be looking at how their ICS (industrial control) and SCADA (supervisory control and data acquisition) systems fare when looked at under a similar light."

The devices investigated included a television, a home thermostat and a door lock, with most of items said to include some form of cloud service.